0

I have a web app I am developing for a school project, and I am having issues with the logout page. When a user clicks logout, it will send them to a logout.php which just looks like this:

    <?php
    include("includes/check_authorization.php");

    // Unset the session and destroy it
    session_unset();
    session_destroy();

    // Redirect to the home page
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
    exit;
    ?>

It is very simple, but it will unset, then destroy the session, and redirect to the index, which is the login page. However, when this is run, the index immediately redirects to a user homepage. The check_authorization page included at the top will redirect someone to login if the username and id are not set and matching in the $_SESSION, so this means that it is setting these for me? I am really confused as to how this is happening. I am using CAS for authentication.

EDIT: the check_authorization.php also initializes the session as well as checking those key values

  • Meta refreshes? Really? Commented Dec 14, 2011 at 16:52
  • Show us the check_authorization.php code. Maybe there is a logical error there. Commented Dec 14, 2011 at 23:33
  • I was using META refresh because it kept saying the header had already been sent, so that was the first and easiest way I found to redirect. If you have a better suggestion, I would be more than open to it. Commented Jan 13, 2012 at 15:01
  • I solved my problem; there was nothing wrong with the above code. The CAS authentication I am using is not mine, it is for a much larger group (a University). When I was logging out, it was destroying my session, but the University still held onto login data in a cookie. By deleting the cookie I was able to successfully log out :-) Commented Jan 13, 2012 at 15:04
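
An added example (not the asker's code and not taken from any answer) of a logout handler for the situation the last comment describes, where the central CAS login outlives the local PHP session: it clears the local session and its cookie, then sends the browser to the CAS server's /logout endpoint. The CAS base URL, the return URL and the function names are assumptions; `service` is the CAS 3.0 parameter name, and whether the server redirects back afterwards depends on its configuration.

```php
<?php
// Added example. Must run before any output is sent, otherwise header()
// fails with "headers already sent". Requires PHP 7.3+ (setcookie options array).
const CAS_BASE_URL = 'https://cas.example.edu/cas';           // assumption: placeholder CAS server
const APP_LOGIN_URL = 'https://app.example.edu/index.php';    // assumption: placeholder return URL

function destroy_local_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Drop all session variables for this request and in the session store.
    $_SESSION = [];

    // session_destroy() does not remove the session cookie from the browser,
    // so expire it explicitly with the same path/domain it was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }

    session_destroy();
}

function cas_logout_url(string $casBase, string $returnTo): string
{
    // Ending the single sign-on session is the CAS server's job: the app only
    // points the browser at /logout and names where to come back to.
    return rtrim($casBase, '/') . '/logout?service=' . rawurlencode($returnTo);
}

destroy_local_session();
header('Location: ' . cas_logout_url(CAS_BASE_URL, APP_LOGIN_URL), true, 302);
exit;
```

Without the second step the login page finds the user still signed in at the CAS server and creates a fresh local session, which is the redirect loop described in the question.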

3 Answers

1

For a situation like this I did as follows; this is working for me in all the browsers:

    @session_unset();
    $old_sessid = @session_id();
    @session_regenerate_id();
    $new_sessid = session_id();
    @session_id($old_sessid);
    @session_destroy();

3 Comments

That does seem to help, but not 100%; I might have another issue altogether. At the risk of sounding like a complete noob... what are the @ for? I have not seen that notation before.
Basically @ is an operator, which, when prepended to an expression, suppresses error messages.
@Prediluted The @ operator suppresses errors. Read about it here. And as a general rule (although there are exceptions) it should be avoided at all costs - if you are getting errors, fix them, don't hide them.
0

Rather than just unsetting the data, try assigning a dummy value to the session, like:

    $_SESSION['authKey'] = '!!INVALID!!';
    session_unset();
    session_destroy();

Even if the session 'revives', the authentication can't possibly succeed anymore because of the "fake" data.


0

There are some possibilities:

  • The simplest possibility: did you include

    session_start();

    at the top of the file, before you include a file? I've been there before, and it pissed me off.

  • The second possibility: try to put

    session_regenerate_id();

    at the very top of your file (before you declare session_start();). Because on some server hosting, their configuration is still using the "LINUX" style that I can't explain to you here. But the point is they always use a "cache" when you redirect. In other words, you are always redirected to your "cached" page when you redirect to another page. See, it's hard to explain here. But just try the session_regenerate_id(); code, maybe it will work.

  • I never use "echo" for doing redirects. Try:

    header("location:index.php");

    I don't know if this will work or not. I am simply giving you my analysis based on my assumptions.

Hope these are helpful. :)
